Secure Hierarchical In-network Data Aggregation for Sensor

Computer Science
Secure Hierarchical In-network Data Aggregation for Sensor Networks
Steve McKinney
CSC 774 – Dr. Ning
Acknowledgment: Slides based on CCS 2006 slides by Haowen Chan
Research conducted by Haowen Chan, Adrian Perrig, and Dawn Song

Outline
• The Secure Aggregation Problem
• Algorithm Description
• Efficiency Results
• Conclusions and Future Work

In-Network Data Aggregation
[Figure: aggregation tree rooted at the querier Q, which asks “What is the sum of all the sensor readings?”; partial sums are added on the way up and the total shown at Q is 15.]
Why Aggregation?

Sensor Reading Falsification
[Figure: aggregation tree rooted at the querier Q; a malicious node reports a false sensor reading (direct injection), and the total shown at Q is 21.]

Aggregation Result Falsification
[Figure: aggregation tree rooted at the querier Q; a malicious node reports a false aggregation result, and the total shown at Q is 106.]

Assumptions
• Unsecured, multi-hop network of n nodes with one untrusted base station
• Querier shares symmetric key with each node and all nodes are responsive
• Existence of broadcast authentication primitive (μTESLA)
• Nodes are capable of computing symmetric key and cryptographic hash operations

Related Work
• Based on probabilistic detection or special cases
• Single malicious node
– L. Hu and D. Evans [2003]
– P. Jadia and A. Mathuria [2004]
• Flat aggregator topology
– B. Przydatek, A. Perrig, D. Song [2003]
– W. Du, J. Deng, Y. Han, P.K. Varshney [2003]
• Probabilistic Detection
– B. Przydatek, A. Perrig, D. Song [2003]
– Y. Yang, X. Wang, S. Zhu, G. Cao [2006]

Contributions
• General hierarchical (tree-based) aggregation topologies
• Multiple (unbounded) number of compromised nodes
• Achieves tightest possible bound on adversary’s ability to change aggregation result
• Low communication overhead
– O(log² n) edge-congestion

Outline
• The Secure Aggregation Problem
• Algorithm Description
• Results
• Conclusions and future work

By Example
• Consider the SUM aggregate
• Sensor readings are in the range [0, r]
• Each sensor submits a reading, a_i, and its complement (r - a_i)
• Sum of legitimate sensor readings is S_L
• Aggregate sum, S (and its complement, S’), must satisfy:
– S + S’ = nr
• If this condition is satisfied, an adversary has, at most, conducted a Direct Injection attack, and
• The lower bound on S is S_L and the upper bound is S_L + μr, where μ is the number of malicious nodes

The Algorithm
1. Query Dissemination
– Query sent from Querier with nonce, N
2. Aggregation Commit
3. Result Checking

Aggregation Commit
[Figure: two panels, “Aggregation Tree” and “Commitment Tree”, over nodes A to F; the commitment tree carries the labels L_A to L_F, L_AB, L_ABCD and the root label L_R.]
Labels in the commitment tree:
L_A = {1, v_A, v’_A, A}
L_B = {1, v_B, v’_B, B}
L_AB = {2, v_AB, v’_AB, H[N||2||v_AB||v’_AB||A||B]}
L_ABCD = {4, v_ABCD, v’_ABCD, H[N||4||v_ABCD||v’_ABCD||AB||C||D]}
…

Result Checking
• Novel idea:
– Distribute verification process to the sensors
– Previously: Querier performed probing
• Cannot probe every node
• Too much congestion near the base station
• Process
– Querier sends the aggregate label(s) via authenticated broadcast to all nodes
– Each node verifies its contribution is part of the aggregate using off-path labels
– After verification, nodes send an authentication code up the aggregation tree: MAC_{K_i}(N||OK)
– The Querier verifies the authentication code

Result Checking
How are off-path labels distributed?
[Figure: nodes D, E and F with the labels L_D and L_E passed between them.]

Result Checking
How do nodes verify their contribution?
[Figure: commitment tree annotated with sums. S: 22; ABCD: 10, E: 5, F: 7; AB: 5, C: 1, D: 4; A: 3, B: 2.]
22 = 3 + 2 + 1 + 4 + 5 + 7
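
The commitment labels and the per-node check with off-path labels, as an added example (not code from the slides or the paper), using the readings A=3 … F=7 shown above; it also applies the S + S’ = nr test from the SUM example. The range r = 10, the nonce, SHA-256, the label encoding, the root over (ABCD, E, F) and the non-negativity check on off-path labels are assumptions.

```python
import hashlib

R_MAX = 10        # assumed reading range [0, r]; the slides give no value for r
NONCE = b"N-1"    # constructed query nonce N

def leaf(node_id, reading):
    # Leaf label {1, v, v', ID}, where v' = r - v is the complement
    return (1, reading, R_MAX - reading, node_id.encode())

def encode(label):
    # Assumed unambiguous byte encoding of a label for hashing
    count, v, vc, tag = label
    return b"|".join([b"%d" % count, b"%d" % v, b"%d" % vc, tag.hex().encode()])

def combine(children):
    # Internal label {count, v, v', H[N || count || v || v' || child labels]}
    count = sum(c[0] for c in children)
    v = sum(c[1] for c in children)
    vc = sum(c[2] for c in children)
    head = b"|".join([NONCE, b"%d" % count, b"%d" % v, b"%d" % vc])
    digest = hashlib.sha256(head + b"".join(b"|" + encode(c) for c in children))
    return (count, v, vc, digest.digest())

def verify(own, path, root):
    # path lists, bottom-up, the off-path labels (left, right) at each level
    label = own
    for left, right in path:
        if any(s[1] < 0 or s[2] < 0 for s in left + right):
            return False      # assumed bounds check: no negative sum or complement
        label = combine(left + [label] + right)
    return label == root

def querier_accepts(root, n):
    # Querier's check from the SUM example: n nodes counted and S + S' = n*r
    return root[0] == n and root[1] + root[2] == n * R_MAX

# Readings from the slide; assumed shape R -> (ABCD, E, F), ABCD -> (AB, C, D)
L = {k: leaf(k, v) for k, v in dict(A=3, B=2, C=1, D=4, E=5, F=7).items()}
L_AB = combine([L["A"], L["B"]])
L_ABCD = combine([L_AB, L["C"], L["D"]])
L_R = combine([L_ABCD, L["E"], L["F"]])
PATH_A = [([], [L["B"]]), ([], [L["C"], L["D"]]), ([], [L["E"], L["F"]])]

# A compromised aggregator reports 100 for ABCD and adjusts the complement
# so that S + S' = n*r still holds at the querier.
FORGED_ABCD = (4, 100, 4 * R_MAX - 100, L_ABCD[3])
FORGED_R = combine([FORGED_ABCD, L["E"], L["F"]])
```

The forged root passes the querier's arithmetic check, but node A recomputes a different root from its own label, and node E rejects the negative complement in its off-path label for ABCD.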

Result Checking
Returning and checking authentication codes
• Remember that the Querier shares a symmetric key with each node
• Therefore it can compute the XOR’d authentication code and compare to the received value:
MAC_{K_1}(N||OK) ⊕ ... ⊕ MAC_{K_n}(N||OK)
[Figure: aggregation tree over nodes A to F in which 4-bit example codes are XORed together on the way up, e.g. 0011 = MAC_{K_A}(N||OK).]
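
The XOR aggregation of authentication codes and the querier's comparison, as an added example (not code from the slides or the paper). HMAC-SHA256 as the MAC, the tree shape, the keys and the nonce are constructed assumptions.

```python
import hashlib
import hmac

def ok_mac(key, nonce):
    # MAC_K(N || OK) for one node, with HMAC-SHA256 as the assumed MAC
    return hmac.new(key, nonce + b"||OK", hashlib.sha256).digest()

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def collect(tree, node, keys, nonce, silent=frozenset()):
    # Each node XORs its own code with the codes received from its children.
    # A node whose verification failed (listed in `silent`) sends no code.
    acc = bytes(32) if node in silent else ok_mac(keys[node], nonce)
    for child in tree.get(node, ()):
        acc = xor(acc, collect(tree, child, keys, nonce, silent))
    return acc

def querier_check(received, keys, nonce):
    # The querier holds every node's key, so it recomputes the expected XOR
    expected = bytes(32)
    for key in keys.values():
        expected = xor(expected, ok_mac(key, nonce))
    return hmac.compare_digest(received, expected)

# Constructed aggregation tree (parent -> children) and per-node keys
TREE = {"F": ["D", "E"], "D": ["C"], "C": ["A", "B"]}
KEYS = {n: hashlib.sha256(b"demo-key-" + n.encode()).digest() for n in "ABCDEF"}
NONCE = b"N-1"
```

The querier receives one fixed-size value regardless of n; a single missing code, or a code computed for an earlier nonce, makes the comparison fail.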

Balancing the Commitment Tree
• Unbalanced commitment trees yield long paths and high overhead
• Idea: Instead of one commitment tree, keep a forest of O(log n) complete commitment trees
• Can be constructed using Delayed Aggregation
• Only perform aggregation on subtrees of equal height

Delayed Aggregation
[Figure: two panels, “Naïve Approach” and “Delayed Approach”, showing commitment trees over the leaf labels L_A to L_F; labels shown include L_R, L_ABCD, L_AB, L_CD and L_EF.]

Efficiency
• Congestion measured in terms of most heavily loaded edge or node in the network
• Aggregation tree:
– Edge: O(log² n)
– Node: O(Δ log² n); Δ = highest degree of any node
• Commitment tree: O(log n)

Conclusion
• Secure data aggregation algorithm
– Suitable for general tree-based aggregation topologies
– Resilient against multiple malicious nodes
– Tightest possible guarantees on adversary detection (without assuming application knowledge)
– Low O(log² n) edge congestion
– Limitation: need to know the set of responding nodes
• Future Work:
– Secure versions of more sophisticated aggregation functions
– Defenses against sensor reading falsification

Questions?